SOX/COBIT Framework and Netwrix Auditor Mapping www.netwrix.com | Toll-free: 888-638-9749


About SOX

All public companies in the U.S. are subject to Sarbanes-Oxley (SOX) compliance without exception. SOX compliance requirements also apply to overseas operations of U.S. public companies and to international companies listed on U.S. exchanges.

SOX requires all listed companies to adopt Internal Controls over Financial Reporting (ICFR) and establish internal auditing of the adopted ICFR. The Sarbanes-Oxley Act does not provide any specific recommendations for implementation of internal controls; instead, it requires organizations to adopt a “recognized control framework”.

One such framework is COBIT, which is focused on governance of enterprise information technology; it is aligned with another common framework, COSO, which provides more general guidance on internal control over financial reporting. These frameworks are more effective in tandem, since COBIT complements COSO in the area of governance and management of enterprise IT.

Mapping of the provisions of the COBIT framework to Control Processes

The following table lists some of the key provisions of the COBIT framework and explains how Netwrix Auditor can help your organization implement these provisions and achieve compliance with SOX. Please note that the efforts and procedures required to comply with SOX requirements may vary depending on an organization’s systems configuration, internal procedures, nature of business and other factors. Implementation of the procedures described below will not guarantee SOX compliance, and not all the COBIT provisions that Netwrix Auditor can possibly support are included. This mapping should be used as a reference guide to help you implement policies and procedures tailored to your organization’s unique situation and needs.

APO12 Manage Risk

APO12.01 Collect data
  Description: Identify and collect relevant data to enable effective IT-related risk identification, analysis and reporting.
  Control process: Risk Assessment
    Risk Assessment
    Security Categorization

APO12.02 Analyze risk
  Description: Develop useful information to support risk decisions that take into account the business relevance of risk factors.
  Control process: Risk Assessment
    Risk Assessment
    Security Categorization

APO12.06 Respond to risk
  Description: Respond in a timely manner with effective measures to limit the magnitude of loss from IT-related events.
  Control process: Risk Assessment
    Risk Assessment
    Security Categorization

APO13 Manage Security

APO13.01 Establish and maintain an ISMS
  Description: Establish and maintain an ISMS that provides a standard, formal and continuous approach to security management for information, enabling secure technology and business processes that are aligned with business requirements and enterprise security management.
  Control process: Identification and Authentication; Access Control; Audit and Accountability; Configuration Management; Incident Response; Risk Assessment; System and Information Integrity
  (To address this broad provision, an organization needs to implement a wide set of security procedures and organizational improvements from several different control families; no particular control process alone can ensure compliance with this requirement.)

BAI10 Manage Configuration

BAI10.02 Establish and maintain a configuration repository and baseline
  Description: Establish and maintain a configuration management repository and create controlled configuration baselines.
  Control process: Configuration Management
    Baseline Configuration

BAI10.04 Produce status and configuration reports
  Description: Define and produce configuration reports on status changes of configuration items.
  Control process: Configuration Management
    Configuration Change Control

DSS01 Manage Operations

DSS01.03 Monitor IT infrastructure
  Description: Monitor the IT infrastructure and related events. Store sufficient chronological information in operations logs to enable the reconstruction, review and examination of the time sequences of operations and the other activities surrounding or supporting operations.
  Control process: Audit and Accountability
    Audit Record Generation
    Audit Record Retention
    Audit Trail Review

DSS02 Manage Service Requests and Incidents

DSS02.04 Investigate, diagnose and allocate incidents
  Description: Identify and record incident symptoms, determine possible causes, and allocate for resolution.
  Control process: Incident Response
    Incident Detection
    Incident Analysis

DSS02.05 Resolve and recover from incidents
  Description: Document, apply and test the identified solutions or workarounds and perform recovery actions to restore the IT-related service.
  Control process: Incident Response
    Incident Mitigation

DSS05 Manage Security Services

DSS05.04 Manage user identity and logical access
  Description: Ensure that all users have information access rights in accordance with their business requirements and coordinate with business units that manage their own access rights within business processes.
  Control process: Identification and Authentication
    User Identification
    Device Identification
    Identifier Management
    Authenticator Management
  Control process: Access Control
    Inactive Accounts
    Role and Group Assignment
    Access Enforcement
    Least Privilege

DSS05.07 Monitor the infrastructure for security-related events
  Description: Using intrusion detection tools, monitor the infrastructure for unauthorized access and ensure that any events are integrated with general event monitoring and incident management.
  Control process: Access Control
    Account Management Audit
    Account Usage Monitoring
  Control process: System and Information Integrity
    Information System Monitoring

Control Processes

Control Processes Facilitated by Netwrix Auditor

From the compliance perspective, IT operations can be viewed and managed as a collection of control processes. Such processes allow focusing organizational efforts on a specific area of IT, enforcing certain policies, and establishing a particular set of compliance controls. While control processes can be seen as separate entities for the purposes of implementation and management simplicity, in fact all these processes are deeply interconnected and often intrinsic to many regulations and best practice frameworks.

  Identification and Authentication
  Access Control
  Audit and Accountability
  Configuration Management
  Incident Response
  Risk Assessment
  System and Information Integrity

Identification and Authentication

The objective of the identification and authentication controls is to ensure that all users and devices accessing information systems are uniquely identifiable and that their authenticity is verified before the system grants access. Identification and authentication are crucial for ensuring accountability of individual activity in the organizational information systems.

User Identification
Audit the identification and authentication processes for users who access your information systems.

How to implement control: Cross-reference HR data with Active Directory user accounts in order to:
  - ensure that each user with a business need to access your information systems has a unique account;
  - identify personal accounts that cannot be traced to a particular individual.
Applicable Netwrix Auditor features:
  Active Directory State-in-Time reports: User Accounts

How to implement control: Review audit trails to check whether the use of shared accounts complies with your policies.
Applicable Netwrix Auditor features:
  User Behavior and Blind Spot Analysis reports: Logons by Single User from Multiple Endpoints
  Interactive Search: Who = shared account

How to implement control: Correlate employee absence data (typically from HR) with the access audit trail to spot suspicious activity.
Applicable Netwrix Auditor features:
  Active Directory Logon Activity reports: All Logon Activity
  Interactive Search: Action = Interactive Logon

Device Identification
Audit the identification and authentication processes for devices used to access your information systems.

How to implement control: Crosscheck the IT inventory against the list of computer accounts in Active Directory.
Applicable Netwrix Auditor features:
  Active Directory State-in-Time reports: Computer Accounts

How to implement control: Review all computer domain joins and all account creations, modifications and deletions to spot any unauthorized changes to computer accounts.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: Computer Account Changes
  Interactive Search: Object Type = Computer

How to implement control: Audit dynamic address allocation to devices by monitoring the DHCP server for:
  - DHCP scopes;
  - lease parameters and assignments.
Applicable Netwrix Auditor features:
  Interactive Search: Object Type = DHCP Scope

How to implement control: Audit remote network connections to identify unauthorized remote devices.
Applicable Netwrix Auditor features:
  Netwrix Auditor Add-on for RADIUS Server
  Active Directory Logon Activity reports

Identifier Management
Audit provisioning, modification and de-provisioning of users and groups.

How to implement control: Review the creation, modification and deletion of users and groups to spot:
  - unauthorized changes;
  - identifiers that do not comply with your naming standards and policies (e.g., no public, generic or reused identifiers).
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Changes; Security Group Changes
  Interactive Search: Object Type = Group | User

How to implement control: Configure alerts to notify designated personnel about unauthorized account changes.
Applicable Netwrix Auditor features:
  Custom alerts for user account modifications

Authenticator Management
Review changes to password policy requirements, and audit user and admin activity for policy compliance.

How to implement control: Audit changes to account policy settings to spot inappropriate or unauthorized modifications. Settings to check include:
  - account lockout threshold, duration and status reset;
  - max/min password age;
  - enforce password history;
  - enforce strong passwords;
  - irreversible password encryption.
Applicable Netwrix Auditor features:
  Active Directory Group Policy Changes reports: Account Policy Changes; Password Policy Changes; GPO Link Changes
  Active Directory Group Policy State-in-Time reports: Account Policies

How to implement control: Alert designated personnel about Group Policy changes related to account passwords.
Applicable Netwrix Auditor features:
  Predefined alerts: Password Tampered alert

How to implement control: Audit administrative password resets to spot unauthorized or suspicious changes.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: Password Resets by Administrator

How to implement control: Correlate new user account creation with account password resets to ensure that users change their initial password on first logon.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Changes (added); User Password Changes
  Interactive Search: Details contains ‘Password Reset’

How to implement control: Ensure that accounts with credentials reported lost or compromised are promptly reset or disabled according to policy.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Status Changes; Password Resets by Administrator

Access Control

The goal of access control measures is to ensure that information system accounts are properly managed and that access is granted based on the principle of least privilege. Netwrix Auditor supports access control by enabling full visibility into account provisioning and deprovisioning, permissions management, and user activity.

Account Management Audit
Audit the creation, modification, enabling, disabling and removal of user accounts.

How to implement control: Review changes to user accounts on key information systems to spot deviations from your account management policies and procedures.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Changes; User Account Status Changes; Recently Enabled Accounts; Temporary User Accounts
  Azure AD reports: User Account Management in Azure AD
  Oracle Database reports: Account Management
  Windows Server Changes reports: Local Users and Groups Changes

How to implement control: Alert designated security personnel whenever a sensitive account is changed.
Applicable Netwrix Auditor features:
  Predefined alerts: Account Enabled; Account Disabled; Account Deleted; Security Changes on Windows Server

Account Usage Monitoring
Monitor user activity for abnormal or suspicious events.

How to implement control: Review user logons and resource access on a regular basis to spot abnormal account use and violations of account use policy.
Applicable Netwrix Auditor features:
  Activity Summary email notifications
  User Behavior and Blind Spot Analysis reports: Temporary User Accounts; Recently Enabled Accounts; Access to Archive Data; Data Access Surges; Activity Outside Business Hours; Failed Activity Trend; Logons by Multiple Users from Single Endpoint; Logons by Single User from Multiple Endpoints; Non-owner Mailbox Access

How to implement control: Review user access to sensitive and regulated data to detect access policy violations.
Applicable Netwrix Auditor features:
  Data Discovery and Classification reports: Activity Related to Sensitive Files and Folders

How to implement control: Enable designated security personnel to respond promptly to potential access abuse.
Applicable Netwrix Auditor features:
  Predefined alerts: Logon to a Specific Machine alert; Logon Attempt to a Disabled Account alert; Multiple Failed Logons alert
  Interactive Search: Who = suspicious account

How to implement control: Review audit trails to spot use of shared accounts that violates your policies.
Applicable Netwrix Auditor features:
  User Behavior and Blind Spot Analysis reports: Logons by Single User from Multiple Endpoints
  Interactive Search: Who = shared account
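The shared-account review above (the “Logons by Single User from Multiple Endpoints” check) and the Authenticator Management review that correlates new account creation with the user’s first-logon password change, expressed as detection logic over a constructed Who/What/When/Where audit trail. This is an added example, not Netwrix Auditor code or output; the record layout, the “user: ” object prefix, the “Password Changed” and “Password Reset” details strings, the one-hour window and the one-day grace period are all assumptions.

```python
"""Detection logic for two reviews in this mapping, run over a constructed
Who / What / When / Where audit trail (added example, not Netwrix Auditor code).

Assumptions: each record is a dict with the keys who, action, what, where, when
(ISO 8601 timestamp) and an optional details field; action names follow the
'Action = Interactive Logon' convention used in the mapping.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample trail (not real audit data). svc_reports is a shared
# service account used from three workstations within one hour; jdoe logs on
# from two workstations a day apart; asmith changes the initial password on
# first logon, bjones never does (only an administrator resets it later).
SAMPLE_TRAIL = [
    {"who": "svc_reports", "action": "Interactive Logon", "what": "svc_reports",
     "where": "WS-014", "when": "2023-03-06T08:02:00"},
    {"who": "svc_reports", "action": "Interactive Logon", "what": "svc_reports",
     "where": "WS-027", "when": "2023-03-06T08:15:00"},
    {"who": "svc_reports", "action": "Interactive Logon", "what": "svc_reports",
     "where": "WS-031", "when": "2023-03-06T08:40:00"},
    {"who": "jdoe", "action": "Interactive Logon", "what": "jdoe",
     "where": "WS-101", "when": "2023-03-06T09:00:00"},
    {"who": "jdoe", "action": "Interactive Logon", "what": "jdoe",
     "where": "WS-102", "when": "2023-03-07T09:05:00"},
    {"who": "admin1", "action": "Added", "what": "user: asmith",
     "where": "DC01", "when": "2023-03-06T10:00:00"},
    {"who": "asmith", "action": "Modified", "what": "user: asmith",
     "where": "DC01", "when": "2023-03-06T10:30:00",
     "details": "Password Changed"},
    {"who": "admin1", "action": "Added", "what": "user: bjones",
     "where": "DC01", "when": "2023-03-06T11:00:00"},
    {"who": "admin1", "action": "Modified", "what": "user: bjones",
     "where": "DC01", "when": "2023-03-08T11:00:00",
     "details": "Password Reset"},
]

USER_PREFIX = "user: "  # assumed object-name convention for user accounts


def _when(record):
    return datetime.fromisoformat(record["when"])


def logons_from_multiple_endpoints(trail, window=timedelta(hours=1),
                                   min_endpoints=2):
    """Shared-account review: return {account: sorted endpoints} for every
    account that logged on interactively from at least min_endpoints distinct
    endpoints within any span of length window. Accounts that merely use
    several machines over a period of days are not flagged."""
    by_user = defaultdict(list)
    for r in trail:
        if r["action"] == "Interactive Logon":
            by_user[r["who"]].append((_when(r), r["where"]))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            endpoints = {ep for t, ep in events[i:] if t - start <= window}
            if len(endpoints) >= min_endpoints:
                flagged[user] = sorted(endpoints)
                break
    return flagged


def accounts_without_first_logon_password_change(trail,
                                                 max_delay=timedelta(days=1)):
    """Authenticator Management review: correlate account creation with the
    user's own password change. Returns the accounts created in the trail whose
    owner did not change the password within max_delay of creation. Resets
    performed by an administrator are deliberately ignored, because the control
    asks that the user replace the initial password."""
    created = {}
    changed = defaultdict(list)
    for r in trail:
        if not r["what"].startswith(USER_PREFIX):
            continue
        account = r["what"][len(USER_PREFIX):]
        if r["action"] == "Added":
            created[account] = _when(r)
        elif r.get("details") == "Password Changed" and r["who"] == account:
            changed[account].append(_when(r))
    lagging = [acct for acct, t0 in created.items()
               if not any(t0 <= t <= t0 + max_delay for t in changed[acct])]
    return sorted(lagging)


if __name__ == "__main__":
    for acct, eps in logons_from_multiple_endpoints(SAMPLE_TRAIL).items():
        print(f"shared-account candidate: {acct} from {', '.join(eps)}")
    for acct in accounts_without_first_logon_password_change(SAMPLE_TRAIL):
        print(f"initial password not changed by user: {acct}")
```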

Inactive Accounts
Disable unused accounts after a defined period of inactivity.

How to implement control: Identify dormant or orphaned user and computer accounts and handle them appropriately according to policy.
Applicable Netwrix Auditor features:
  Inactive User Tracker tool, which can identify unused accounts and automatically:
    - notify the manager;
    - disable the account;
    - change the password;
    - move the account to a specified OU;
    - remove the account.
  Active Directory State-in-Time reports: User Accounts – Last Logon Time

Role and Group Assignment
Review group and role assignments to ensure that user accounts meet established membership conditions and the principle of least privilege.

How to implement control: Ensure that users are added to security groups and access roles in accordance with the least privilege principle and only with proper authorization.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: Security Group Membership Changes
  Azure AD reports: Group Membership Changes in Azure AD
  Active Directory State-in-Time reports: Group Members; Effective Group Membership
  Windows Server State-in-Time reports: Local Users and Groups

How to implement control: Monitor privileged group and role assignments to prevent unauthorized privilege escalation, and regularly review the membership of these groups and roles to validate the need for privileged access.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: Administrative Group Membership Changes
  User Behavior and Blind Spot Analysis reports: Temporary Users in Privileged Groups
  Windows Server Changes reports: Local Users and Groups Changes
  Active Directory State-in-Time reports: Administrative Group Members
  Windows Server State-in-Time reports: Members of Local Administrators Group
  Oracle Database reports: Privilege Management
  SQL Server reports: All SQL Server Activity by Object Type (Object Type = Server Role | Database Role | Application Role)
  Predefined alerts: Group Membership Changes

Personnel Status Changes
Ensure proper handling of the accounts and access permissions of temporary, transferred or terminated employees.

How to implement control: Review audit trails to confirm that the user accounts of temporary and terminated employees are disabled or removed in all information systems and applications according to your policy.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Changes; User Account Status Changes

How to implement control: Review current access permissions of transferred or reassigned employees, with particular attention to sensitive and regulated data, to ensure they do not exceed their new job requirements.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: User Account Changes
  Active Directory State-in-Time reports: Users and Computers - Effective Group Membership
  Data Discovery and Classification reports: Sensitive File and Folder Permissions Details

Access Enforcement
Ensure user permissions comply with your access control policies.

How to implement control: Review access permissions for sensitive information assets on a regular basis to identify and rectify the following:
  - excessive permissions;
  - permissions assigned directly, rather than through roles and groups;
  - broken permission inheritance.
Applicable Netwrix Auditor features:
  User Behavior and Blind Spot Analysis reports: Data Access; Excessive Permissions
  File Servers State-in-Time reports: Folder and File Permission Details; Folder Permissions
  Data Discovery and Classification reports: Sensitive Files and Folders by Owner; Sensitive File and Folder Permissions Details

How to implement control: Audit and alert on changes to permissions in order to promptly spot any improper or unauthorized modifications.
Applicable Netwrix Auditor features:
  Predefined alerts: File Share Permissions Changed; Object Permissions Changed in Active Directory; Security Changes on Windows Server
  Activity Summary email notifications

Least Privilege
Maintain user access permissions based on the principle of least privilege.

How to implement control: Regularly review access rights granted to users and roles to ensure users have only the permissions they need to do their jobs.
Applicable Netwrix Auditor features:
  User Behavior and Blind Spot Analysis reports: Excessive Permissions
  Active Directory Changes reports: Object Security Changes; Security Group Changes
  Active Directory State-in-Time reports: Account Permissions in Active Directory; Object Permissions in Active Directory; Users and Computers - Effective Group Membership
  Group Policy Changes reports: User Rights Assignment Policy Changes; Security Settings Changes
  Exchange Server reports: Mailbox Delegation and Permissions Changes
  File Servers Activity reports: Permissions Changes
  File Servers State-in-Time reports: Account Permissions; Excessive Access Permissions; Folder and File Permission Details; Folder Permissions
  Windows Server Changes reports: File Share Changes

How to implement control: Ensure that privileged accounts are restricted to the specific users and roles who need access to security-related functions on the information systems.
Applicable Netwrix Auditor features:
  Predefined alerts: User Added to AD Administrative Group; User Added to Windows Server Administrative Group

How to implement control: Ensure that privileged administrative accounts are used exclusively for performing security-related tasks.
Applicable Netwrix Auditor features:
  Interactive Search: Who = privileged account
  Windows Server User Activity reports
  User activity video recording (available even for systems and applications that do not produce logs)

Remote Access
Monitor remote access connections to ensure they conform to organizational secure access policies.

How to implement control: Review detailed remote access logon events along with AD logon activity.
Applicable Netwrix Auditor features:
  Interactive Search: Object Type = RADIUS Logon
  Active Directory Logon Activity reports
  Netwrix Auditor Add-on for RADIUS Server

How to implement control: Monitor changes to security groups used for remote access authorization.
Applicable Netwrix Auditor features:
  Active Directory Changes reports: Security Group Membership Changes
  Interactive Search: Object Type = Group AND What CONTAINS GroupID
  Predefined alerts: Group Membership Changes

Wireless Access
Monitor wireless network connections for conformance with your wireless networking policies.

How to implement control: Monitor wireless connections to your networks.
Applicable Netwrix Auditor features:
  Netwrix Auditor Add-on for Cisco Network Devices

How to implement control: Monitor your wireless networking policies for unauthorized or inappropriate changes.
Applicable Netwrix Auditor features:
  Active Directory Group Policy Changes reports: Wireless Network Policy Changes

Use of External Information Systems
Control the use of external information systems, including cloud-based services.

How to implement control: Audit user activity in SharePoint Online, Exchange Online and OneDrive for Business in order to discover and prevent violations of your information handling policies, such as the storing of sensitive data outside of your control boundaries.
Applicable Netwrix Auditor features:
  Office 365 Overview Dashboards
  SharePoint Online reports: All SharePoint Online Activity by User; Content Management; Data Access; Sharing and Security Changes
  User Behavior and Blind Spot Analysis reports: Information Disclosure; Suspicious Files

Audit and Accountability

Audit and accountability measures are intended to maintain a trail of activity in information systems that ensures individuals can be held accountable for their actions. Netwrix Auditor directly implements many of the audit and accountability requirements by capturing a complete audit trail and securely storing it for more than 10 years, enabling easy access to audit information for investigations and compliance reviews, and enabling video recording of user activity in systems that do not produce audit events.

Audit Record Generation
Generate audit records containing information that establishes what type of event occurred, when and where it occurred, the source of the event, the outcome of the event, and the identity of any individuals associated with the event.

How to implement control: Collect detailed records (including Who, What, When and Where details) of events in your information systems and applications.
Applicable Netwrix Auditor features:
  A complete audit trail from across all IT systems and applications
  Data-in API, which enables creation of add-ons for integrating Netwrix Auditor with other systems and applications

How to implement control: Adjust the data collection settings to ensure the audit trail contains all required details.
Applicable Netwrix Auditor features:
  Review reports and Interactive Search results and fine-tune monitoring plans as needed

Audit Record Retention
Retain audit records for the time period required by your record retention policy or by compliance regulations.

How to implement control: Store your audit data in a way that ensures easy access for incident investigations while meeting long-term retention requirements specified by your policies or regulatory mandates.
Applicable Netwrix Auditor features:
  AuditArchive™, a two-tiered storage that provides:
    - SQL Server audit database for operational reporting (data is stored for 180 days by default);
    - separate file-based archive for long-term storage of audit data (data is stored for 10 years by default).

Audit Trail Review
Regularly review audit records for indications of inappropriate or unusual activity and report findings to appropriate personnel, such as your incident response team or InfoSec group.

How to implement control: Regularly review a consolidated audit trail across your critical information systems.
Applicable Netwrix Auditor features:
  Predefined change and activity reports
  Activity Summary email notifications
  Interactive Search

How to implement control: Export reports for evidence when reporting inappropriate or unusual activity to responsible security staff.
Applicable Netwrix Auditor features:
  Export of reports to a variety of formats, including PDF and Microsoft Excel

How to implement control: Configure alerts to automatically trigger incidents in your IT service support management (ITSSM) solution.
Applicable Netwrix Auditor features:
  Netwrix Auditor Add-On for ServiceNow Incident Management (ticket creation)

How to implement control: Add audit records from other key systems and applications to your system-wide, time-correlated audit trail.
Applicable Netwrix Auditor features:
  Netwrix Auditor Add-On for Cisco Network Devices
  Netwrix Auditor Add-On for Linux Systems
  Netwrix Auditor Add-On for Privileged User Monitoring on Linux and Unix Systems
  Netwrix Auditor Add-On for RADIUS Server
  Data-in API, which enables creation of add-ons for integrating Netwrix Auditor with other systems and applications

Report Generation and Audit Reduction
Provide summary reports to support on-demand audit review, analysis and reporting requirements and incident investigations without altering the original audit logs.

How to implement control: Aggregate audit records from multiple information systems.
Applicable Netwrix Auditor features:
  Enterprise Overview Dashboards, Overview Diagrams, Organization Level reports, predefined change and activity reports
  Activity Summary email notifications

How to implement control: Generate custom reports on events of interest across all monitored systems.
Applicable Netwrix Auditor features:
  Reports based on Interactive Search results

Protection of Audit Information
Protect audit information and audit tools from unauthorized access, modification and deletion.

How to implement control: Protect audit information by storing it in a physically separate repository.
Applicable Netwrix Auditor features:
  AuditArchive™, a two-tiered storage that provides:
    - SQL Server audit database for operational reporting;
    - separate file-based archive for long-term storage of audit data.

How to implement control: Restrict access to audit records and tools by assigning security personnel to operational roles using the least privilege principle.
Applicable Netwrix Auditor features:
  Role delegation for audit configuration and review, both on the global level and on the individual monitoring plan level

How to implement control: Monitor changes to your audit configuration settings to spot modifications that could reduce the level of auditing, either intentionally or by accident.
Applicable Netwrix Auditor features:
  Group Policy Changes reports: Audit Policy Changes
  Windows Server Changes reports: Audit Log Clearing report; Local Audit Policy Changes report

Session Audit
Capture user activity for audit purposes.

How to implement control: Record user activity in mission-critical systems.
Applicable Netwrix Auditor features:
  Windows Server User Activity reports
  User activity video recording (available even for systems and applications that do not produce logs)

Response to Audit Processing Failures
Monitor for audit processing failures and take corrective actions to restore the normal audit capturing process.

How to implement control: Monitor the status of audit data collection across managed systems and audit storage capacity on a regular basis.
Applicable Netwrix Auditor features:
  Health Status dashboard
  Health Summary report

How to implement control: Alert designated personnel about audit failures.
Applicable Netwrix Auditor features:
  Event Log Manager
  System health alerts

Configuration Management

Configuration management is required to ensure that the configuration of information systems complies with internal policies and external regulations, and that all changes are both proper and authorized.

Baseline Configuration
Establish and maintain baseline configurations and inventories of organizational information systems.

How to implement control: Review the configuration of your Windows servers and identify deviations from the established baseline.
Applicable Netwrix Auditor features:
  Windows Server State-in-Time reports: Windows Server Inventory; Windows Server Configuration Details; Members of Local Administrators Group

Configuration Change Control
Audit changes to the configuration of your information systems.

How to implement control: Review changes to the server and network infrastructure to ensure that only authorized changes are being implemented, in accordance with your change management procedures.
Applicable Netwrix Auditor features:
  Windows Server Changes reports: Windows Server Changes
  Active Directory Group Policy Changes
  VMware reports: All VMware Changes
  SharePoint reports: SharePoint Configuration Changes
  Exchange reports: Database Changes; New Exchange Servers
  Interactive Search: Source = Windows Server; Source = Policy; Source = Netwrix API

How to implement control: Identify inappropriate or unapproved changes (e.g., installation of non-approved software).
Applicable Netwrix Auditor features:
  Windows Server Changes reports: Windows Server Changes with Review Status

How to implement control: Alert designated security personnel to critical change events to enable timely response.
Applicable Netwrix Auditor features:
  Custom alerts on specific configuration changes

Access Restrictions for Changes
Establish and enforce logical access restrictions associated with changes to the information system.

How to implement control: Ensure that information system configuration is limited to authorized users by reviewing privileged security groups and monitoring changes to their membership.
Applicable Netwrix Auditor features:
  Windows Server State-in-Time reports: Members of Local Administrators Group; Local Users and Groups
  Windows Server Changes reports: Local Users and Groups Changes
  Predefined alerts: User Added to Windows Server Administrative Group

User-Installed Software
Control and monitor user-installed software.

How to implement control: Exercise security control over programs and applications on your critical Windows servers by maintaining an inventory of resident software and ensuring that only permitted software is installed.
Applicable Netwrix Auditor features:
  Windows Server State-in-Time reports: Windows Server Configuration Details; Installed Software


Incident Response

Incident response controls prescribe careful planning of response measures to security incidents on the organizational level, along with proper training of personnel and regular testing of the plan. The plan should cover incident detection, analysis, containment and recovery. Netwrix Auditor capabilities relating to incident response revolve around the detection (including automated response triggering through the ServiceNow integration) and analysis aspects of security incident handling.

Incident Detection

Detect security incidents in a timely manner.

How to Implement Control: Regularly review user activity (system logons, resource access, configuration changes) across information systems to spot abnormal behavior that could lead to a security breach.
Applicable Netwrix Auditor Features:
  Behavior Anomalies Discovery: Top users with behavior anomalies; Detailed trail of user anomalous behavior
  User Behavior and Blind Spot Analysis reports: Temporary User Accounts; Recently Enabled Accounts; Access to Archive Data; Data Access Surges; Activity Outside Business Hours; Failed Activity Trend; Logons by Multiple Users from Single Endpoint
  Data Discovery and Classification reports: Activity Related to Sensitive Files and Folders

How to Implement Control: Configure alerts to automatically notify designated security staff of a potential incident, based on either a triggering event or a defined threshold.
Applicable Netwrix Auditor Features:
  Predefined alerts: User Account Locked Out; User Added to AD Administrative Group; User Added to Windows Server Administrative Group; Unrestricted Access to the File Share
  Custom alerts based on either a triggering event or a defined threshold


Incident Analysis

Investigate anomalous activity and events that are detected.

How to Implement Control: Perform forensic analysis of each potential security incident to understand its full scope and impact on information systems and protected data, and determine appropriate response measures, including reporting of the incident within the organization and to authorities and affected parties.
Applicable Netwrix Auditor Features:
  Interactive Search: Who and Where filters
  Windows Server User Activity reports: Replay of user activity video recordings
  Behavior Anomalies Discovery: Detailed trail of user anomalous behavior
  Data Discovery and Classification reports: Activity Related to Sensitive Files and Folders

How to Implement Control: Adjust alert settings or create new alerts based on findings from the security incident analysis.
Applicable Netwrix Auditor Features:
  Custom alerts based on Interactive Search

Incident Mitigation

Respond quickly to a security incident to mitigate its effects.

How to Implement Control: Automate the triggering of incident response procedures upon detection of suspicious activity to ensure timely response and remediation.
Applicable Netwrix Auditor Features:
  Netwrix Auditor Add-On for ServiceNow Incident Management

How to Implement Control: Quickly revert unauthorized changes to accounts and configuration.
Applicable Netwrix Auditor Features:
  Predefined change reports: Before and after details
  Object Restore for Active Directory tool


Risk Assessment

Every organization needs to conduct information system risk assessments to understand the likelihood and magnitude of harm from various threats, so that it can prioritize them and mitigate risk to an acceptable level. Netwrix Auditor reports on configuration risk factors common in Microsoft-centric IT infrastructures and estimates their impact in your environment.

Risk Assessment

Regularly assess risks to your information systems and act on the findings.

How to Implement Control: Examine the configuration of your information systems using common security best practices and identify risks that may require mitigation in the following areas: account management; data governance; security permissions.
Applicable Netwrix Auditor Features:
  IT Risk Assessment reports: IT Risk Assessment: Users and Computers; IT Risk Assessment: Data; IT Risk Assessment: Permissions

How to Implement Control: Review the results of data discovery and classification to assess the risks posed by sensitive data not being stored and processed according to the established data security policy.
Applicable Netwrix Auditor Features:
  Data Discovery and Classification reports: Overexposed Files and Folders; Most Accessible Sensitive Files and Folders; Sensitive Files Count by Source; File and Folder Categories by Object

Security Categorization

Conduct the security categorization process for the data hosted by the organization.

How to Implement Control: Perform automated discovery of relevant types of sensitive and regulated data in unstructured data repositories (file shares) in order to prioritize data protection measures.
Applicable Netwrix Auditor Features:
  DDC Collector Console, which enables you to adjust predefined data categorization rules or define new rules


System and Information Integrity

System and information integrity measures aim to protect information systems and the data they store and process from being compromised by outside attackers and malicious insiders. Netwrix Auditor reports and alerts on user behavior indicative of an attack or unauthorized use of information systems.

Information System Monitoring

Monitor your information systems for indicators of potential attacks and unauthorized activity.

How to Implement Control: Spot and investigate anomalies in user behavior in time to block external attackers who have compromised valid user accounts, as well as trusted insiders who have gone rogue.
Applicable Netwrix Auditor Features:
  Behavior Anomalies Discovery: List of users with the most behavior anomalies; Detailed trail of each user's anomalous actions

How to Implement Control: Configure alerts to automatically notify designated security staff of a potential attack or unauthorized activity.
Applicable Netwrix Auditor Features:
  Predefined alerts: User Account Locked Out; User Added to AD Administrative Group; User Added to Windows Server Administrative Group; Unrestricted Access to the File Share
  Custom alerts based on either a triggering event or a defined threshold


Information Management and Retention

Manage and retain sensitive personal information in accordance with applicable laws, regulations and operational requirements.

How to Implement Control: Ensure that personally identifiable and other sensitive information in the organizational data repositories is appropriately secured, including protection against unauthorized disclosure or accidental loss.
Applicable Netwrix Auditor Features:
  Data Discovery and Classification reports: Overexposed Files and Folders; Most Accessible Sensitive Files and Folders; Sensitive File and Folder Permissions Details

How to Implement Control: Monitor the organizational data repositories for personally identifiable and other sensitive information that has exceeded its legitimate retention time.
Applicable Netwrix Auditor Features:
  Data Discovery and Classification reports: Sensitive Files Count by Source; File and Folder Categories by Object

How to Implement Control: Establish processes and procedures to support customers wishing to exercise their data subject rights: right of access; right to rectification; right to erasure (right to be forgotten); right to portability.
Applicable Netwrix Auditor Features:
  DDC Collector Console, which enables you to locate personal data instances

Data Sanitization

Perform data sanitization on sensitive information outside of authorized storage boundaries.

How to Implement Control: Monitor file and document repositories for sensitive information in order to apply appropriate de-identification, redaction or similar measures to mitigate the risk of unauthorized data access.
Applicable Netwrix Auditor Features:
  Data Discovery and Classification reports: Sensitive Files Count by Source; File and Folder Categories by Object


About Netwrix

Netwrix Corporation is a software company focused exclusively on providing IT security and operations teams with pervasive visibility into user behavior, system configurations and data sensitivity across hybrid IT infrastructures to protect data regardless of its location. Over 9,000 organizations worldwide rely on Netwrix to detect and proactively mitigate data security threats, pass compliance audits with less effort and expense, and increase the productivity of their IT teams. Founded in 2006, Netwrix has earned more than 140 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.

Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware and Windows Server. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises or cloud-based IT systems in a unified way.

For more information, visit www.netwrix.com

If you want to evaluate Netwrix Auditor in your environment, choose one of the deployment options below. To see Netwrix Auditor in action without having to download and install it, visit netwrix.com/testdrive.

On-Premises Deployment: Download a free 20-day trial at netwrix.com/go/freetrial
Virtual Appliance: Download our virtual machine image at netwrix.com/go/appliance
Cloud Deployment: Deploy Netwrix Auditor in the cloud at netwrix.com/go/cloud

Corporate Headquarters:
300 Spectrum Center Drive, Suite 200, Irvine, CA 92618
Phone: 1-949-407-5125 | Toll-free: 888-638-9749 | EMEA: +44 (0) 203-588-3023 | netwrix.com/social